Sample code for 30+ languages & platforms
JavaScript

ClickBank Decrypt Instant Notification

See more ClickBank Examples

Demonstrates how to decrypt a ClickBank instant notification. See Instant Notification Service for more information and alternative code snippets.
Note
This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater.
JavaScript
var success = false;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// secret key from your ClickBank account
var secretKey = "MY_SECRET_KEY";

var jsonStr = "{\"notification\":\"BASE64_NOTIFICATION\",\"iv\":\"BASE64_IV\"}";

var json = new CkJsonObject();
success = json.Load(jsonStr);

// Get the encrypted notification (binary) and IV from the JSON.
var bdNotif = new CkBinData();
var bdIv = new CkBinData();

success = bdNotif.AppendEncoded(json.StringOf("notification"),"base64");
success = bdIv.AppendEncoded(json.StringOf("iv"),"base64");

// Get an SHA1 digest (as a hex string) of the secret key.
// A SHA1 digest is 20 bytes.  Therefore the hex string is 40 chars.
// Treat each us-ascii char as a binary byte of the secret key.
// 256-bit AES needs a 256-bit key, which is 32-bytes.  Therefore
// use the 1st 32 us-ascii chars of the hex SHA1 as the AES secret key.

var crypt = new CkCrypt2();
// Because we're using the hex string as the actual AES key, it matters whether the hex is uppercase or lowercase.
// We want lowercase.
crypt.EncodingMode = "hex_lower";
crypt.HashAlgorithm = "sha1";
var hexSha1 = crypt.HashStringENC(secretKey);
console.log(hexSha1);

// Treat the hex string as binary data for the AES key..
var bdKey = new CkBinData();
bdKey.AppendString(hexSha1,"us-ascii");
bdKey.RemoveChunk(32,8);

crypt.KeyLength = 256;
crypt.CryptAlgorithm = "aes";
crypt.CipherMode = "cbc";

// We can use any encoding because were just getting the binary bytes in an encoding, and then setting from the same encoding.
// We'll just use base64..
crypt.SetEncodedIV(bdIv.GetEncoded("base64"),"base64");
crypt.SetEncodedKey(bdKey.GetEncoded("base64"),"base64");

crypt.DecryptBd(bdNotif);
console.log("Decrypted: " + bdNotif.GetString("utf-8"));